..
    generated, remove this comment to keep this file

``nullsessionpipes``
====================

.. code-block:: console

    $ target-query <path/to/target> -f nullsessionpipes


.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``os.windows.generic.GenericPlugin``
    * - Output
      - ``records``

**Module documentation**

Generic Windows plugin.

Provides some plugins that don't fit in a separate plugin.

**Function documentation**

Return the NullSessionPipes registry key value.

The NullSessionPipes registry key value specifies server pipes and shared folders that are excluded from the
policy that does not allow null session access. A null session implies that access to a network resource, most
commonly the IPC$ "Windows Named Pipe" share, was granted without authentication. Also known as anonymous or
guest access. These can thus be accessed without authentication and can be leveraged for latteral movement
and/or privilege escalation.

References:
    - https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares